Latin America, with regulatory heterogeneity, presents a unique scenario to explore the application and combination of digital and electronic signatures in the generation and verification of documents. This article breaks down the difference between Digital Signature and Electronic Signature, their legal framework in selected Latin American countries, and how the combination of both can represent a robust solution for documentary authenticity in the financial sector. Towards the end of the article, a way forward is also proposed for the joint implementation of digital and electronic signature, thus guaranteeing the validity and irrefutability of legal documents, regardless of the regulatory framework or the country in question.
Digital Signature and Electronic Signature: Key Definitions
- It uses asymmetric cryptography to ensure document integrity.
- Attaches a digital certificate issued by a certifying entity that validates the identity of the institution.
- It offers a high level of security and is widely legally accepted for authenticating documents.
- It is an electronic representation of the handwritten signature.
- Its legal validity may vary, and in many cases, requires additional identity verification processes.
- Simpler and more accessible for the end user, but with a variable level of security.
- A digital certificate is an electronic document that uniquely links an individual or legal entity with a public key. This certificate is issued by a trusted certification authority and is used to ensure the authenticity and integrity of digital documents.
- Certification entities are trusted organizations that issue digital certificates and validate the identity of the parties involved in an electronic transaction. These entities play a crucial role in ensuring the security and authenticity of digital and electronic signatures.
Legality and Applicability according to the country
The legality and applicability of the Digital Signature and Electronic Signature vary considerably between Latin American countries. Below is a review of the situation in some of the Latin American countries where this type of rubrics are most used:
In Peru, the main regulation that covers electronic and digital signatures is Law No. 27269, known as the Law of Digital Signatures and Certificates, enacted on May 26, 2000. This law aims to regulate the use of electronic signatures, granting it the same validity and legal effectiveness as the use of a handwritten signature or another analogous signature that entails expression of will.1
Additionally, the law establishes guidelines on digital certificates. For example, Article 7 of the law mentions that digital certificates issued by certification entities must contain data that undoubtedly identifies the subscriber, data that identifies the Certification Entity and the public key. 2
Law No. 27269 was later modified by Law No. 27310, which reaffirms and expands the regulations on the use of digital signatures, establishing general guidelines regarding Certification Service Providers 3. In addition, additional legislative modifications have been made to incorporate complementary, transitional and final provisions to Law No. 27269, as detailed in a Legislative Decree that modifies both Law No. 27269 and Decree Law No. 25632, Framework Law on Receipts of Payment. 4
Distinction between Digital and Electronic Signatures in Peru
In Peru, the distinction between the electronic signature and the digital signature is based on the degree of security and legal validity that both possess. Here are the key differences between these two ways of signing documents or electronic transactions, based on information provided by multiple sources:
- It is defined as any symbol based on electronic means used by a party to link or authenticate a document, fulfilling all or some of the characteristic functions of a handwritten signature. 5
- The electronic signature is a broader concept that can include various types of signatures, not necessarily associated with a digital certificate. 6
- It is a specific version of the electronic signature that uses a special cryptography technique and requires certification, providing a higher degree of security and authenticity. 7
- It is important to mention that, in the context of the digital signature, a digital certificate issued by an entity within the framework of the Official Electronic Signature Infrastructure (IOFE) of Peru is used. This certificate validates the identity of the signer and guarantees the integrity of the digitally signed document.9
This distinction between electronic signature and digital signature allows parties involved in electronic transactions to have clarity about the level of security and authenticity that is being applied, which is crucial especially in sensitive sectors such as financial and legal. Therefore, the choice between using an electronic signature or a digital signature, or a combination of both, will depend on the security and legal validity requirements needed for each specific situation.
In Chile, Law No. 19,799, on Electronic Documents, Electronic Signature and Certification Services of Said Signature, constitutes the main legal framework that regulates electronic and digital signatures in the country. This law was promulgated on March 25, 2002 and establishes the way in which State institutions must carry out their administrative procedures within the framework of electronic management. 10 11
Within the provisions of this law, it is highlighted that the acts, contracts and documents of State bodies, signed by electronic signature, will have the same validity and will produce the same effects as those issued in writing on paper 12. Likewise, acts and contracts granted or entered into by natural or legal persons, signed by means of an electronic signature, will be valid in the same way and will produce the same effects as those entered into in writing and on paper. 13
Likewise, Law No. 19,799 establishes rights and obligations for users or holders of electronic signatures, such as the right to be informed about the general characteristics of the procedures for creating and verifying electronic signatures, as well as the rules on certification practices, among others.14
This law, together with its subsequent modifications and regulations, provides a robust framework for the use and validation of electronic and digital signatures in Chile, thus facilitating the authentication of documents and transactions in the digital sphere, which is essential for the development of the financial sector and other economic sectors in the country.
Distinction between Digital and Electronic Signatures in Chile
In Chile, the difference between digital signature and electronic signature lies mainly in the security levels and the legal framework that supports each type of signature. Below are the key differences:
- Electronic signature is any sound, symbol or electronic process that allows the recipient of an electronic document to at least formally identify its author. 16
- It can be divided into Simple Electronic Signature (FES) and Advanced Electronic Signature (FEA), where the advanced one provides a higher degree of security and authenticity by being associated with certain cryptographic and certification methods, although still within a legal framework that supports its validity.
- The digital signature is a type of advanced electronic signature, which provides a higher degree of security by using asymmetric cryptography systems to guarantee the authenticity and integrity of digital documents and transactions. 17
- In this type of signature, cryptographic methods and certifications are used to ensure the authenticity and integrity of the document, providing a robust regulatory framework that supports its legal validity. 18
In summary, while the electronic signature focuses on digitally representing a person’s signature in a way that can be legally recognized, the digital signature goes a step further, incorporating cryptographic technologies to guarantee a higher degree of security, authenticity and integrity in digital transactions. These differences are crucial to understanding the legal framework and security implications in document management and digital transactions in Chile.
In Colombia, Law 527 of 1999 is the main regulation that regulates the use of digital signature and electronic signature, providing a legal framework for the access and use of data messages, electronic commerce, and establishing certification entities, among other provisions. This law establishes the electronic signature as an equivalent of the handwritten signature, granting it the same validity and legal effects, as long as it meets the reliability requirements established in subsequent regulations such as Decree 2364 of 2012. 19 20
Decree 2364 of 2012 defines the digital signature and regulates it as a type of electronic signature, providing greater clarity on its use and application in the legal and commercial field. Furthermore, this decree enshrines the electronic equivalent of the signature, which facilitates the adoption of the digital signature in different electronic processes and transactions. 21.
Additionally, Decree 526 of 2021 is another relevant regulation that, together with those mentioned above, makes up the regulatory framework on electronic signatures in Colombia, facilitating the management and storage in digital format of electronically signed employment contracts, among other documents. 22
The set of these laws and decrees provides a robust framework for the adoption and validation of electronic and digital signatures in Colombia, facilitating the digitalization of processes and contributing to legal security in the country’s digital sphere. Also, they promote operational efficiency in various sectors, including the financial sector, by allowing the authentication and verification of documents and electronic transactions in a reliable and secure manner.
Distinction between Digital and Electronic Signatures in Colombia
In Colombia, the difference between the electronic signature and the digital signature is established according to Law 527 of 1999 and several additional regulations. The distinction between these two ways of signing electronic documents in Colombia is detailed below:
- It refers to any type of mechanism that allows a person to be identified and associated with an electronic document. This may include a code, a password, a biometric data, or a pictographic key.
- The electronic signature serves to show the identity of the signatory, but in the event of a legal controversy, the help of an expert witness would be required to demonstrate the authenticity and reliability of the signature. 23
Certified Electronic Signature:
- This type of signature is issued through a certification entity, which provides additional guarantee on the integrity of the signature, reducing the risk of repudiation or alteration of the document.
- Although defined in Decree Law 019 of 2012, they have not yet been fully regulated, which means that it is still not entirely clear what their effects and specific characteristics are. 24.
- The digital signature uses cryptography, specifically a mathematical procedure that allows a document to be sent with a key that only the generator of the message has. This makes it one of the most secure forms of signature.
- For the issuance of a digital signature in Colombia, the intervention of a third party, called a digital certification entity, is always required. Digital signatures are based on public key technology that uses asymmetric cryptography.
- According to decree 333 of 2014, digital signatures in Colombia are backed by a digital certification entity, which provides an additional level of security and guarantees the non-repudiation attribute. 25
These differentiations are aligned with the definitions and technical and legal characteristics of the Digital Signature and Electronic Signature, providing a clear framework for their use and validity in the judicial and commercial field in Colombia. In addition, it is mentioned that the type of signature to be used will depend on the risk linked to the process or electronic procedure and the characteristics of use. 26
Other sources corroborate these definitions and add that in Colombia, digital, electronic and certified electronic signatures are judicially valid and have authenticity, that is, they serve to show the identity of the signatory. 27 28 29
In Ecuador, the Law on Electronic Commerce, Signatures and Data Messages regulates aspects related to Digital Signature and Electronic Signature. Enacted in 2002, this legislation establishes the foundations for the use of electronic and digital signatures in the country, providing a legal framework for the authentication of documents and electronic transactions.31
This law regulates data messages, electronic signatures, certification services, electronic and telematic contracting, and the provision of electronic services through information networks, including electronic commerce and the protection of users of these systems. 32 33. It also establishes information certification entities and details public obligations in terms of electronic administrative procedures.
The regulations stipulated in this law have been fundamental to promote the digitalization of processes in various economic sectors in Ecuador, including the financial sector. Through the definition and regulation of the electronic signature and certification services, the authentication and verification of documents and electronic transactions has been facilitated, contributing to legal security and operational efficiency in the country. 35 36
Distinction between Digital and Electronic Signatures in Ecuador
In Ecuador, the distinction between digital signature and electronic signature is based on the purpose and degree of security provided by each one. Below are the key differences between these two ways of signing documents or electronic transactions, based on information provided by multiple sources:
- The electronic signature consists of a set of electronic data that accompanies certain information (also in electronic format). This type of signature has a legal purpose equivalent to a handwritten signature and seeks to attest to the will of the signer. In Ecuador, three types of electronic signature are recognized:
- Simple Electronic Signature
- Advanced Electronic Signature
- Qualified Electronic Signature 37
- The digital signature is a specific technical implementation of some electronic signatures through the application of cryptographic algorithms. In this case, reference is made to the encryption/decryption technology on which some electronic signatures are based, such as advanced. 38
These differences are critical to understanding the legal and technical requirements in the use of electronic and digital signatures in Ecuador. The choice between using an electronic signature or a Qualified Electronic signature, or combination of both, will depend on the security and legal validity requirements needed for each specific situation. It is important to mention that, in the context of digital signature, cryptography provides an additional layer of security, ensuring the authenticity and integrity of the digital document or transaction.
Additionally, the Telecommunications Regulation and Control Agency (ARCOTEL) is the entity in charge of regulating electronic signatures in Ecuador. This underlines the importance of adhering to the regulations and guidelines established by the competent authorities when using electronic or digital signatures in electronic transactions and documents in Ecuador.
In Panama, Law No. 51 of July 22, 2008, defines and regulates electronic documents and electronic signatures, as well as the provision of technological storage services for documents and certification of electronic signatures. This legislation was established with the objective of promoting the development of electronic commerce in the country, providing a solid legal framework for the digital authentication of documents and transactions. 39 40
Law No. 51 establishes the validity and legal effectiveness of electronic documents and electronic signatures, which is crucial to guarantee the integrity and authenticity of electronic documents and transactions in various economic sectors, including the financial sector. It also regulates the provision of technological storage services for documents and certification of electronic signatures, which facilitates the verification of the identity of the parties involved in electronic transactions.
Additionally, Law No. 82 of November 9, 2012 grants the Public Registry of Panama powers of registration authority, which is relevant for the management and verification of electronic certificates in the country.
These laws, together, provide a robust legal framework that facilitates digital authentication, contributing to the modernization of processes and legal security in the digital sphere in Panama.
Distinction between Digital and Electronic Signatures signature in Panama
In Panama, electronic signatures have a legal framework that supports them, however, there are many differences between the definitions in other countries. Below are details:
Qualified Electronic Signature:
- The Qualified Electronic Signature is a technological solution that is added to a cryptographic device, which allows giving legal value to electronic documents and transactions, by protecting the integrity of the data, authenticating the signatories and guaranteeing the non-repudiation of their authors. 41
- This signature is used to create unalterable marks on electronic documents, linking authors directly to the documents and ensuring the integrity of their content.
- The electronic signature is regulated in Panama through Law 51 of July 22, 2008, which was later modified by Law 82 of 2012. The latter granted the Public Registry of Panama powers of registration and root certification authority for electronic signatures. for the Republic of Panama, through the Electronic Signature Directorate.
- It is used within applications and web pages that use various authentication methods to verify the user’s identity. 42
- Although the terminologies may be used interchangeably in some contexts, a digital signature in Panama refers to a handwritten signature that has been scanned, and is not included as a concept under Panamanian law. 43
Other Related Concepts:
- Electronic certificate: The National Directorate of Electronic Signatures only issues electronic certificates to nationals and foreigners duly registered with the Electoral Tribunal. The electronic certificate is the means that guarantees the identity of the person and allows them to generate a qualified electronic signature.
In summary, the electronic signature in Panama is a broader concept that includes any form of electronic signature, while the digital signature specifically refers to the scanned handwritten signature, which is not regulated in Panama. The qualified electronic signature, on the other hand, provides a higher level of security and authenticity by being backed by a qualified electronic certificate. Additionally, electronic signatures are legally binding and use encryption methods to authenticate digital documents, providing a higher level of security and authenticity compared to a regular electronic signature. 44
In the Dominican Republic, the regulations that control electronic and digital signatures are Law number 126-02, enacted on September 4, 2002, on Electronic Commerce, Documents and Digital Signatures 45. This law constitutes a legal framework that facilitates electronic commerce and the validity of digital documents and signatures in the Dominican jurisdiction.
This legislation has been crucial in modernizing commercial transactions and providing a legal basis for document authentication in the digital realm. In addition, it contributes to the legal security of electronic transactions and the integrity of digital documents. Law 126-02 also establishes the bases for the use of electronic and digital signatures, which facilitates the identification of the parties involved in electronic transactions and guarantees the integrity and authenticity of electronic documents.
For a more detailed breakdown of the law and its regulations, the complete and updated version can be accessed on the portal of the Dominican Telecommunications Institute (INDOTEL) 46. It is also possible to consult a recent edition that includes an academic analysis of Law 126-02, carried out by experts from Argentina, Spain and the Dominican Republic, which is available in the Library of the National School of Judiciary 47. This analysis can provide a deep understanding of how the law regulates electronic and digital signatures, and how these technologies are being applied in the Dominican context.
Distinction between Digital and Electronic Signatures in the Dominican Republic
In the Dominican Republic, the distinction between electronic signature and digital signature is established through a specific legal framework, and both are designed to facilitate transactions and authentication in the digital environment. Each one is explained below:
- It is defined as a series of data that serves to identify the sender or receiver of a message or digital document. However, the electronic signature does not meet the legal requirements of the Dominican Republic to be considered a digital signature. 48.
- It is a specific technical implementation that uses asymmetric cryptography and a mathematical procedure to link the signature with the message or document, thus guaranteeing its integrity and authenticity.
- The digital signature in the Dominican Republic is regulated by Law Number 126-02 on Electronic Commerce, Documents and Digital Signatures, promulgated on September 4, 2002, and its application regulations approved by Decree 335-03, as well as by the Complementary Standards 49.
- It is defined in the law as the digital document issued and digitally signed by a certification entity, which uniquely identifies a subscriber during the period of validity of the certificate, and which constitutes proof that said subscriber is the source or originator of the content of the certificate. a digital document or data message that incorporates its associated certificate. 50
Digital and electronic signatures in the Dominican Republic are designed to identify and link a person with the creation of a data message, an act or a contract, and have their approval. Certification Entities are the issuers of digital certificates that validate these signatures.
In Venezuela, the legal framework that regulates electronic and digital signatures is Decree No. 1204 with the Rank and Force of Law on Data Messages and Electronic Signatures, promulgated on February 28, 2001. This decree grants and recognizes effectiveness and legal value to the electronic signature, to data messages and to all information in electronic format, being applicable to both natural and legal persons, public or private 54 55.
The Decree establishes regulations on how electronic signatures in contracts should be handled, and the value and effectiveness of this type of signatures in the legal and commercial field. For example, in article 6, it is established that when the law requires a handwritten signature for certain legal acts or transactions, that requirement is satisfied with a data message associated with an electronic signature 56.
In the context of digitalization, this legal framework has been crucial for the validation of electronic transactions and documents, providing a solid foundation for digital authentication in the country. This decree holds particular importance for Venezuela’s financial sector and other economic sectors, as it eases the execution of transactions and documentary processes electronically in a nation transitioning to forced digitalization due to a stark scarcity of physical cash.
For more details about the law and its regulations, you can access the full text of the Decree on the official portal of the National Assembly of Venezuela, or on the official page of the regulatory entity for the telecommunications sector in Venezuela, CONATEL 57 58.
Distinction between Digital and Electronic Signatures in Venezuela
In Venezuela, the difference between the electronic signature and the digital signature focuses on the verification of identity and data integrity. Here we present a detailed explanation of each one:
- The electronic signature is a set of electronic data associated with a file, which is used to verify the identity of the person who uses it. 59
- Examples of electronic signatures include passwords, a debit card PIN, a digitized version of a handwritten signature, and the use of a fingerprint to unlock devices. 60
- The Law on Data Messages and Electronic Signatures of Venezuela establishes a differentiation in the probative value of electronic documents that have an electronic signature compared to those that do not have it. 61
- Digital signature is a specific type of electronic signature that uses cryptographic technology to provide a higher level of security and authenticity.
- It uses encryption systems to identify the signer and ensure the integrity of the file, which means that the document has not been altered since it was signed. 62
- In Venezuela, for a digital signature to have full legal effectiveness, it must be certified by certification service providers authorized by the Superintendency of Electronic Certification Services (SUSCERTE). 63
These distinctions are crucial to understanding how the authentication and integrity of documents is handled in the digital sphere, especially in the Venezuelan legal framework. Each type of signature has its applications and validity, which impacts how they are treated legally and evidentiarily in different scenarios.
For all regulatory frameworks:
How to integrate digital signature and electronic signature towards a Secure and Compliant Transaction
A widely applicable use scenario where the perfect combination of rubrics in digital format guarantees the authenticity, integrity and conformity of legal documents, regardless of the regulatory framework, is the issuance and validation of said documents through a combination of digital and electronic signatures. This process can be key for financial institutions that need to ensure the validity and non-repudiation of their legal documents. Below is a detailed step-by-step diagram to carry out this combination of technologies safely and efficiently:
- The client is requested to participate in a video identity verification session, where it is automatically verified that the person on the computer matches the photo on the provided identity document.
Customer Electronic Signature:
- Once the identity is validated, the customer is requested to electronically sign the document. This can be done through a secure platform that captures the client’s electronic signature through a web form.
Generation of the Document Signed by Both Parties:
- The document is generated in real time with the client’s dynamic data along with their electronic signature. During this process, the digital signature is added to the document, using a digital certificate issued by a recognized certifying entity. This digital signature ensures the document’s integrity and the authenticity of the issuing institution.
Notification and Access:
- The client is notified that the process has been completed, and is provided access to the document signed electronically and digitally for review and filing.
Audit and Recording:
- All steps of the process are digitally recorded for future audits and regulatory compliance.
This process not only ensures the integrity and authenticity of the document, but also provides complete traceability, which is crucial to comply with regulations and to resolve any future disputes that may arise. Additionally, the combination of electronic signature and digital signature allows for greater efficiency and speed in the management of legal documents, which in turn improves the customer experience and reduces processing times. This approach can be replicated and adapted according to the legal and technical specificities of each country, allowing institutions to operate safely and efficiently in the digital environment.